#!/bin/bash
#
# Copyright (c) 2020 Huawei Device Co., Ltd.
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Stop at the first failing command: a failed copy or openssl step must not be
# followed by further writes to the certificate being assembled.
set -o errexit
#######################################
# Print the command-line synopsis and terminate the script.
# Arguments: none
# Outputs:   usage text on stdout
# Returns:   never returns; exits with status 1
#######################################
usage() {
    # Quoted delimiter: the text is emitted literally, blank first and last
    # lines included.
    cat <<'EOF'

usage:
     sec_os.sh <kernel bin> <kernel addr> <rootfs img> <rootfs addr> <other bin> <other addr>
     e.g.
     sec_os.sh kernel.bin 0x100000 rootfs.img 0xA00000

EOF
    exit 1
}
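#######################################
# Format a number as "0x" followed by at least eight lowercase hex digits.
# Arguments: $1 - integer in any notation printf accepts (decimal, 0x..., 0X...)
# Outputs:   the formatted value on stdout, without a trailing newline
# Returns:   printf's status; non-zero when $1 is not a valid number
#######################################
function dec2hex(){
    # Quoted so the argument is always treated as ONE number: an unquoted $1
    # would be word-split and glob-expanded, and printf would then silently
    # format several values (or file names) instead of reporting bad input.
    # Values above 0xffffffff still print with more than eight digits; callers
    # that need a 32-bit field must range-check first.
    printf "0x%08x" "$1"
}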
#######################################
# Reverse the byte order of the low 32 bits of a number.
# Arguments: $1 - integer (decimal or 0x-prefixed hex)
# Outputs:   the byte-swapped value, in decimal, on stdout
# Note:      bits above the low 32 are dropped without any diagnostic.
#######################################
h2nl() {
    local shift
    local swapped=0

    # Move the byte found at bit offset `shift` to the mirrored position.
    for shift in 0 8 16 24; do
        swapped=$(( swapped | (($1 >> shift) & 0xff) << (24 - shift) ))
    done

    printf '%s\n' "$swapped"
}
# The command line is a non-empty list of <image> <address> pairs; anything
# else (no arguments, or an odd count) prints the usage text and exits.
if (( $# == 0 || $# % 2 != 0 )); then
    usage
fi

# Number of images to sign: one per argument pair.
sig_num=$(( $# / 2 ))
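# for 2048
#
# Build x509_2048.bin, the signed image certificate for the RSA-2048 key set.
# Every integer field is 4 bytes, written low byte first (h2nl + xxd -r):
#   total length | image count | padded public-key length
#   public key (DER, zero-padded to a multiple of 16 bytes)
#   per image: 256-byte signature | image size | load address
#   256-byte signature over everything above
# Signatures are RSA-PSS over SHA-256 with the salt length equal to the digest
# length (rsa_pss_saltlen:-1). Images are signed with
# x509_creater/rsa_private_2048.key, the certificate with rsa_priv_2048.pem.
# NOTE(review): if the key files under x509_creater/ are distributed with the
# source tree they are only suitable for development builds; confirm that
# production keys are provisioned separately.
if [ -f rsa_priv_2048.pem ]; then
    # Check every <image> <address> pair before anything is written. The
    # header commits to the image count and total length up front, so skipping
    # a missing image later would produce a signed certificate whose declared
    # layout does not match its content.
    for ((i = 1; i <= sig_num; i++)); do
        name_idx=$((i * 2 - 1))
        addr_idx=$((i * 2))
        bin_name=${!name_idx}
        bin_addr=${!addr_idx}

        # The address field is 32 bits wide: require 0x/0X plus 1-8 hex digits
        # so that a longer value is rejected instead of silently truncated.
        if [[ ! "$bin_addr" =~ ^0[xX][0-9a-fA-F]{1,8}$ ]]; then
            echo "addr err!"
            usage
        fi

        if [ ! -f "$bin_name" ]; then
            echo "no $bin_name!" >&2
            exit 1
        fi
    done

    # Drop any previous result first so a failed run cannot leave a stale
    # certificate behind.
    rm -f x509_2048.bin

    # Assemble in a private scratch directory (created in the current
    # directory so the final mv stays on one filesystem); the finished
    # certificate is moved into place only after the last signature succeeded.
    tmp_2048=$(mktemp -d sec_os_2048.XXXXXX)
    trap 'rm -rf -- "${tmp_2048:?}"' EXIT
    cert_tmp=$tmp_2048/x509_2048.bin
    key_tmp=$tmp_2048/rsa_public_key_16byte_alig.bin
    sig_tmp=$tmp_2048/sig.bin

    # Public key, zero-padded to a 16-byte boundary.
    cp x509_creater/rsa_public_key_2048.der "$key_tmp"
    key_len=$(( $(wc -c < "$key_tmp") ))
    pad=$(( (16 - key_len % 16) % 16 ))
    for ((k = 0; k < pad; k++)); do
        printf '\0'
    done >> "$key_tmp"
    key_len=$((key_len + pad))

    # Total length: key + certificate signature (256) + three header words (12)
    # + per image a signature (256) and two words (8).
    all_len=$((key_len + 256 + 12 + 264 * sig_num))

    # Header: total length, image count, padded key length.
    for field in "$all_len" "$sig_num" "$key_len"; do
        field_hex=$(dec2hex "$(h2nl "$field")")
        echo "$field_hex" | xxd -r >> "$cert_tmp"
    done
    cat "$key_tmp" >> "$cert_tmp"

    # One record per image: signature, size, load address.
    for ((i = 1; i <= sig_num; i++)); do
        name_idx=$((i * 2 - 1))
        addr_idx=$((i * 2))
        bin_name=${!name_idx}
        bin_addr=${!addr_idx}

        openssl dgst -sha256 -sign x509_creater/rsa_private_2048.key \
            -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
            -out "$sig_tmp" "$bin_name"
        # The layout above assumes 256-byte signatures; a key of another size
        # would shift every following field.
        if (( $(wc -c < "$sig_tmp") != 256 )); then
            echo "unexpected signature size for $bin_name!" >&2
            exit 1
        fi
        cat "$sig_tmp" >> "$cert_tmp"

        img_len=$(( $(wc -c < "$bin_name") ))
        if (( img_len > 0xffffffff )); then
            echo "$bin_name is too large for the 32-bit size field!" >&2
            exit 1
        fi
        for field in "$img_len" "$bin_addr"; do
            field_hex=$(dec2hex "$(h2nl "$field")")
            echo "$field_hex" | xxd -r >> "$cert_tmp"
        done
    done

    # Sign everything assembled so far and append that signature.
    openssl dgst -sha256 -sign rsa_priv_2048.pem \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
        -out "$sig_tmp" "$cert_tmp"
    if (( $(wc -c < "$sig_tmp") != 256 )); then
        echo "unexpected certificate signature size!" >&2
        exit 1
    fi
    cat "$sig_tmp" >> "$cert_tmp"

    mv -f "$cert_tmp" x509_2048.bin
    rm -rf -- "${tmp_2048:?}"
    trap - EXIT
else
    echo "no rsa_priv_2048.pem!"
fi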
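# for 4096
#
# Build x509_4096.bin, the signed image certificate for the RSA-4096 key set.
# Every integer field is 4 bytes, written low byte first (h2nl + xxd -r):
#   total length | image count | padded public-key length
#   public key (DER, zero-padded to a multiple of 16 bytes)
#   per image: 512-byte signature | image size | load address
#   512-byte signature over everything above
# Signatures are RSA-PSS over SHA-256 with the salt length equal to the digest
# length (rsa_pss_saltlen:-1). Images are signed with
# x509_creater/rsa_private_4096.key, the certificate with rsa_priv_4096.pem.
# NOTE(review): if the key files under x509_creater/ are distributed with the
# source tree they are only suitable for development builds; confirm that
# production keys are provisioned separately.
if [ -f rsa_priv_4096.pem ]; then
    # Check every <image> <address> pair before anything is written. The
    # header commits to the image count and total length up front, so skipping
    # a missing image later would produce a signed certificate whose declared
    # layout does not match its content.
    for ((i = 1; i <= sig_num; i++)); do
        name_idx=$((i * 2 - 1))
        addr_idx=$((i * 2))
        bin_name=${!name_idx}
        bin_addr=${!addr_idx}

        # The address field is 32 bits wide: require 0x/0X plus 1-8 hex digits
        # so that a longer value is rejected instead of silently truncated.
        if [[ ! "$bin_addr" =~ ^0[xX][0-9a-fA-F]{1,8}$ ]]; then
            echo "addr err!"
            usage
        fi

        if [ ! -f "$bin_name" ]; then
            echo "no $bin_name!" >&2
            exit 1
        fi
    done

    # Drop any previous result first so a failed run cannot leave a stale
    # certificate behind.
    rm -f x509_4096.bin

    # Assemble in a private scratch directory (created in the current
    # directory so the final mv stays on one filesystem); the finished
    # certificate is moved into place only after the last signature succeeded.
    tmp_4096=$(mktemp -d sec_os_4096.XXXXXX)
    trap 'rm -rf -- "${tmp_4096:?}"' EXIT
    cert_tmp=$tmp_4096/x509_4096.bin
    key_tmp=$tmp_4096/rsa_public_key_16byte_alig.bin
    sig_tmp=$tmp_4096/sig.bin

    # Public key, zero-padded to a 16-byte boundary.
    cp x509_creater/rsa_public_key_4096.der "$key_tmp"
    key_len=$(( $(wc -c < "$key_tmp") ))
    pad=$(( (16 - key_len % 16) % 16 ))
    for ((k = 0; k < pad; k++)); do
        printf '\0'
    done >> "$key_tmp"
    key_len=$((key_len + pad))

    # Total length: key + certificate signature (512) + three header words (12)
    # + per image a signature (512) and two words (8).
    all_len=$((key_len + 512 + 12 + 520 * sig_num))

    # Header: total length, image count, padded key length.
    for field in "$all_len" "$sig_num" "$key_len"; do
        field_hex=$(dec2hex "$(h2nl "$field")")
        echo "$field_hex" | xxd -r >> "$cert_tmp"
    done
    cat "$key_tmp" >> "$cert_tmp"

    # One record per image: signature, size, load address.
    for ((i = 1; i <= sig_num; i++)); do
        name_idx=$((i * 2 - 1))
        addr_idx=$((i * 2))
        bin_name=${!name_idx}
        bin_addr=${!addr_idx}

        openssl dgst -sha256 -sign x509_creater/rsa_private_4096.key \
            -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
            -out "$sig_tmp" "$bin_name"
        # The layout above assumes 512-byte signatures; a key of another size
        # would shift every following field.
        if (( $(wc -c < "$sig_tmp") != 512 )); then
            echo "unexpected signature size for $bin_name!" >&2
            exit 1
        fi
        cat "$sig_tmp" >> "$cert_tmp"

        img_len=$(( $(wc -c < "$bin_name") ))
        if (( img_len > 0xffffffff )); then
            echo "$bin_name is too large for the 32-bit size field!" >&2
            exit 1
        fi
        for field in "$img_len" "$bin_addr"; do
            field_hex=$(dec2hex "$(h2nl "$field")")
            echo "$field_hex" | xxd -r >> "$cert_tmp"
        done
    done

    # Sign everything assembled so far and append that signature.
    openssl dgst -sha256 -sign rsa_priv_4096.pem \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 \
        -out "$sig_tmp" "$cert_tmp"
    if (( $(wc -c < "$sig_tmp") != 512 )); then
        echo "unexpected certificate signature size!" >&2
        exit 1
    fi
    cat "$sig_tmp" >> "$cert_tmp"

    mv -f "$cert_tmp" x509_4096.bin
    rm -rf -- "${tmp_4096:?}"
    trap - EXIT
else
    echo "no rsa_priv_4096.pem!"
fi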